
Unpatched Firefox flaw may expose users

Filed under
Moz/FF
Security

A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.
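Until a fix ships, the only detail the advisory gives defenders to work with is the shape of the trigger: a link that is overly long and made up largely of dashes. The following is an added example, not Ferris's proof of concept and not Mozilla code, of how a proxy or mail-gateway filter might flag links of that shape in HTML before they reach a vulnerable browser. The thresholds (MAX_URL_LEN, MAX_HOST_LEN, MIN_DASH_RUN), the function names and the sample page are all assumptions made for this example; the advisory itself gives no numbers.

```python
import re
from urllib.parse import urlsplit

# Thresholds are assumptions chosen for this example; the advisory gives no numbers.
MAX_URL_LEN = 1024   # longer than any link an ordinary page needs
MAX_HOST_LEN = 253   # DNS limit on a full hostname; anything longer can never resolve
MIN_DASH_RUN = 16    # no registrable label contains this many consecutive dashes

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def analyse_link(url):
    """Measure one link and decide whether it fits the overly-long,
    dash-laden pattern the advisory describes.  Returns a dict so the
    caller can log the numbers, not just the verdict."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:          # e.g. unbalanced brackets in an IPv6 literal
        host = ""
    # Longest run of consecutive dashes anywhere in the link
    dash_run = max((len(m) for m in re.findall(r"-+", url)), default=0)
    # "Overly long" is judged on the whole link and on the hostname alone:
    # a hostname over the DNS limit is malformed even in a short URL.
    too_long = len(url) > MAX_URL_LEN or len(host) > MAX_HOST_LEN
    return {
        "url_len": len(url),
        "host_len": len(host),
        "dash_run": dash_run,
        # Both conditions must hold, matching the advisory's description
        "suspicious": too_long and dash_run >= MIN_DASH_RUN,
    }


def scan_html(html):
    """Return the (url, metrics) pairs for every link in an HTML document
    that analyse_link() flags."""
    flagged = []
    for url in HREF_RE.findall(html):
        info = analyse_link(url)
        if info["suspicious"]:
            flagged.append((url, info))
    return flagged


# Constructed sample page (not from the advisory): one ordinary link, one link
# whose hostname is a long run of dashes, and one long link with no dashes.
SAMPLE_HTML = (
    '<a href="https://www.mozilla.org/products/firefox/">Firefox</a>\n'
    '<a href="https://' + '-' * 300 + '/">click me</a>\n'
    '<a href="https://example.com/?q=' + 'a' * 1200 + '">long query</a>\n'
)

if __name__ == "__main__":
    for url, info in scan_html(SAMPLE_HTML):
        print(f"FLAGGED url_len={info['url_len']} host_len={info['host_len']} "
              f"dash_run={info['dash_run']}: {url[:40]}...")
```

Only the second link is flagged: the first is short and dash-free, and the third is long but contains no dashes, so it does not match the pattern the advisory describes. Requiring both conditions keeps ordinary long tracking URLs out of the alert stream; a filter that blocks on length alone would generate far more noise than signal.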

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.
